Singapore struggles to comply with new privacy ruling
SINGAPORE’S Personal Data Privacy Commission (PDPC) recently ordered organizations to stop collecting people’s National Registration Identity Card (NRIC) numbers.
The new regulation that will come into effect September next year, is part of the government’s efforts to reduce incidents of identity theft and fraud.
However, this poses a challenge for many security and building management providers, who would need time and money to upgrade their existing verification systems to stop capturing full NRIC numbers.
Under the new ruling, any organizations that have implemented visitor management systems that record full NRIC numbers will have to make changes, so the software only captures the last three digits and the alphabet.
For reference, Singapore’s NRIC number format is a letter followed by 7 digits and ends with a letter. (eg. S7654321A) Some parts of the numbers and letters denote residency status and birth year.
Having said that, many buildings (eg. condominiums) in the country rely on retaining identification cards in exchange of visitor passes. These buildings would have to scrap their current procedures and install appropriate visitor management systems instead, which will rack up operation costs.
Beyond buildings, businesses have also been using NRIC numbers as a convenient measure to categorize members. This includes shopping malls using the identifier to register customers for lucky draws or to track parking redemptions.
To help facilitate these changes, PDPC and the Info-communications Media Development Authority (IMDA) have published a set of technical guidelines and template notices. They would also be identifying and pre-approving technology solutions suitable for adoption.
User-generated IDs, tracking numbers, and organization-issued QR codes are among some of the alternative technologies that are currently being considered as a replacement to NRIC collection. Experts have also suggested email addresses to be a good starting point.
For small and medium-sized enterprises (SMEs) that need to implement additional technologies, IMDA is offering the Productivity Solutions Grant to help cover the costs.
Speaking to local media Channel News Asia, Raj Joshua Thomas, President of Security Association Singapore, explained: “Security agencies incur liability when holding on to physical NRICs as well as NRIC data. The guidelines will help to ameliorate these issues, and the adoption of technology will be able to help in a big way, and is in line with the security industry’s transformation map.”
As Singapore moves towards becoming a smart nation, more and more data will be collected. It is therefore increasingly important for both consumers and businesses to understand the significance of protecting personal information.